mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
#1662 - Secured draft/archived content
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@44555 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
2c8e304294
commit
15eff6e217
@ -85,13 +85,23 @@ class ContentController extends Controller {
|
||||
}
|
||||
|
||||
singleton('SiteTree')->extend('contentcontrollerInit', $this);
|
||||
|
||||
Director::set_site_mode('site');
|
||||
|
||||
// Check permissions
|
||||
// Check page permissions
|
||||
if($this->dataRecord && $this->URLSegment != 'Security' && !$this->dataRecord->can('View')) {
|
||||
Security::permissionFailure($this);
|
||||
}
|
||||
|
||||
// Draft/Archive security check - only CMS users should be able to look at stage/archived content
|
||||
if($this->URLSegment != 'Security' && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) {
|
||||
if(!Permission::check('CMS_ACCESS_CMSMain')) {
|
||||
$link = $this->Link();
|
||||
$message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", "You must log in with your CMS password in order to view the draft or archived content. <a href=\"%s\">Click here to go back to the published site.</a>");
|
||||
Security::permissionFailure($this, sprintf($message, "$link?stage=Live"));
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -180,7 +190,7 @@ class ContentController extends Controller {
|
||||
public function SilverStripeNavigator() {
|
||||
$member = Member::currentUser();
|
||||
|
||||
if(Director::isDev() || ($member && $member->isCMSUser())) {
|
||||
if(Director::isDev() || Permission::check('CMS_ACCESS_CMSMain')) {
|
||||
Requirements::css('sapphire/css/SilverStripeNavigator.css');
|
||||
|
||||
Requirements::javascript('jsparty/behaviour.js');
|
||||
|
@ -99,7 +99,7 @@ class Security extends Controller {
|
||||
* permission to
|
||||
* access the item.
|
||||
*/
|
||||
static function permissionFailure($controller, $messageSet = null) {
|
||||
static function permissionFailure($controller = null, $messageSet = null) {
|
||||
// Prepare the messageSet provided
|
||||
if(!$messageSet) {
|
||||
$messageSet = array(
|
||||
|
Loading…
Reference in New Issue
Block a user